SPE: Security and Privacy Enhancement Framework for Mobile Devices
Title | SPE: Security and Privacy Enhancement Framework for Mobile Devices |
Publication Type | Journal Article |
Year of Publication | 2017 |
Authors | Krupp, B., Sridhar, N., Zhao, W. |
Journal | IEEE Transactions on Dependable and Secure Computing |
Volume | 14 |
Pagination | 433–446 |
ISSN | 1545-5971 |
Keywords | android, Android (operating system), compositionality, data privacy, Encryption, human factors, ios, iOS (operating system), iOS Security, Metrics, mobile computing, mobile devices, Mobile handsets, mobile privacy, mobile security, Multimedia communication, Ontologies, ontologies (artificial intelligence), Ontology, Operating systems, operating systems (computers), privacy, pubcrawl, Resiliency, security, security and privacy enhancement, security of data, sensing, Sensors, SPE, unmodified mobile operating systems |
Abstract | In this paper, we present a security and privacy enhancement (SPE) framework for unmodified mobile operating systems. SPE introduces a new layer between the application and the operating system and does not require a device be jailbroken or utilize a custom operating system. We utilize an existing ontology designed for enforcing security and privacy policies on mobile devices to build a policy that is customizable. Based on this policy, SPE provides enhancements to native controls that currently exist on the platform for privacy and security sensitive components. SPE allows access to these components in a way that allows the framework to ensure the application is truthful in its declared intent and ensure that the user's policy is enforced. In our evaluation we verify the correctness of the framework and the computing impact on the device. Additionally, we discovered security and privacy issues in several open source applications by utilizing the SPE Framework. From our findings, if SPE is adopted by mobile operating systems producers, it would provide consumers and businesses the additional privacy and security controls they demand and allow users to be more aware of security and privacy issues with applications on their devices. |
URL | http://ieeexplore.ieee.org/document/7182290/?reload=true |
DOI | 10.1109/TDSC.2015.2465965 |
Citation Key | krupp_spe:_2017 |
- Multimedia communication
- unmodified mobile operating systems
- SPE
- sensors
- sensing
- security of data
- security and privacy enhancement
- security
- Resiliency
- pubcrawl
- privacy
- operating systems (computers)
- operating systems
- Ontology
- ontologies (artificial intelligence)
- Ontologies
- android
- Mobile Security
- mobile privacy
- Mobile handsets
- mobile devices
- mobile computing
- Metrics
- iOS Security
- iOS (operating system)
- ios
- Human Factors
- encryption
- data privacy
- Compositionality
- Android (operating system)